Got spam? Let us know


I’ve been getting a few sporadic reports of SPAM that’s supposedly from hackaday.com on it. It’s a bit surprising, considering that the only email we send out automatically consists of comment confirmation requests to prevent comment SPAM.

So do me a favor… if you’ve gotten any, send it along with the email headers so I can track down the source and destroy er make it stop.

19 thoughts on “Got spam? Let us know

  1. I could imagine myself doing something like that…

    almost. Not quite.
    I suspect it’s someone’s idea of a prank.

  2. Here’s what I have from my Barracuda. In CSV. I removed you domain from the senders.
    “Sender Whitelisted”,Time,From,To,Subject,Action,Reason,Score,”Encryption Status”,Size,”Source IP”,”Delivery Status”,ID
    No,”2007-12-09 11:56:25″,EarleneBritton@YOURDOMAIN.com,garza@MYDOMAIN.com,,Blocked,”Invalid Recipient”,,None,,unknown[41.251.84.89],,1197219384-7451-10809-1
    No,”2007-12-07 12:06:41″,TamikaroachJoiner@YOURDOMAIN.com,garner@MYDOMAIN.com,,Blocked,”Invalid Recipient”,,None,,pool-71-127-12-214.spfdma.east.verizon.net[71.127.12.214],,1197047200-7447-9248-1

  3. It’s in such low volumes I presume it’s spammers spoofing the domain. I own a domain that never sends out any emails (web site only, no email addresses) and I sometimes get people claiming I sent them spam.

    Not really much that can be done about it…

  4. Today on Hack-a-day: How to spoof emails

    1. Open a command prompt
    2. Type telnet name.of.your.ISP.mailserver 25
    3. type: helo
    4. type: mail from: (this can be any address you want to spoof email from)
    5. type: rcpt to:
    6. type: data
    7. type: subject=spoofed email from HAD!
    8. type whatever you want in the email message
    9. end the message with a . on a new line

    Presto-Changeo people start complaining they are getting spam sent from hackaday.com

  5. eek, html formatting stripped out some details, on step 5 use: rcpt to: nospace < nospace emailaddress nospace >

    and do the same thing for step 4.

  6. probably the spammer posted a comment to the site then got the confirmation email then got the email address from the from line and crafted a phish message from the details.

    i hope we dont have to resort to decoding captcha’s to send comments.

  7. I wish the ISPs would only allow CORRECT header info to spew from their servers…

    How is it possible/allowed for people to falsify the from header?? Should be MANDATORY for servers to display CORRECT infoamtion…. So spammers can be TRACKED and STOPPED!… And sterilized.

  8. I have a php script on my site that sends ‘x’ URL via e-mail from the sender’s e-mail so that when the message is replied to, it goes back to the sender, not wannafork… works well to keep from MY mail server from getting crowded… not hard to do at all, and doesn’t look like it’s from my server at all…

  9. “ISPs should only allow correct header info”.

    Many do. However, that isn’t going to stop anybody who controls their own email server. I can load up sendmail on my machine right now and send all the mail claiming to be from hackaday I want.

    the Sender Policy Framework is designed to mitigate this problem. The recieving server confirms against a DNS record that the server sending mail is permitted to do so.

    I notice that Hackady does not have SPF records set up. This is probably one of the best tools at your disposal to stop these forged emails.

  10. Haven’t gotten any spam from you, but I do once in a while get a bounce of a spam that has been spoofed to look like it came from me, so I’d appreciate any advice on tracking down (etc.) spammers.

  11. More of the spam that I get are autoresponders, “User Not Found” or “Your spam has been blocked”. Sounds like someone’s having a field day with my domain.

    Ways to help it: Don’t set up a “Postmaster” or “catchall” email box: That will end up with the most spam like this. Bounces get bounced :)

    Again, email spoofers SUCK, and must be smacked.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s